IP Intelligence Briefing: 23.129.64.170
Date: 2026-06-10
---
**Key Risk Indicators**
- Risk Score: 70 (High Risk)
- Network Role: Tor Exit Node (Emerald Onion)
- DNSBL Listings: 4/8 total lists (moderate abuse risk)
- Subnet Abuse Density: 17% (24/144 IPs flagged in 23.129.64.0/24)
---
**Threat Context**
- Tor Association: Linked to Tor Exit Node infrastructure, which is often used for anonymity but can host malicious traffic.
- TLS Certificate:
  - Issuer: `CN=www.eu6obdjccmrqoh.com`
  - Subject: `CN=www.hlx27br3seyjsw.net`
  - No self-signed flags, but mismatched issuer/subject may indicate misconfiguration or spoofing.
- Open Ports:
  - HTTP (80) and HTTPS (443) services detected.
  - TLS 1.3 protocol with cipher suite `TLS_AES_256_GCM_SHA384`.
---
**Geolocation & Network**
- Location: Seattle, WA, US (geoPlausible: False)
- BGP Analysis:
  - ASN 396507 (Emerald Onion)
  - Route stability: Stable (no recent changes)
  - RTT anomalies: 79ms observed vs. expected 152.5ms for 7,626km distance.
---
**Subnet & Neighborhood**
- Subnet: 23.129.64.0/24
- Neighbor Risk:
  - 7 high-risk IPs (7%)
  - 71 medium-risk IPs (74%)
  - 18 low-risk IPs (19%)
- Abuse Density: 17% (moderate risk for subnet).
---
**Observation History**
- Recent Signals:
  - TLS certificate validation (2026-06-10)
  - DNSBL listings (4/8)
  - BGP route stability (no changes in 30 days)
- No Persistent Threat: No long-term malicious activity detected (threatObservationCount: 0).
---
**Actionable Recommendations**
1. Monitor Tor Traffic: Block or monitor traffic from this subnet (23.129.64.0/24) due to Tor exit node association.
2. Inspect TLS Configuration: Verify certificate validity and ensure no misconfigured services are exposing internal networks.
3. Subnet-Level Mitigation: Apply firewall rules to restrict access to the 23.129.64.0/24 subnet, given its abuse density.
4. Geolocation Validation: Investigate the geoPlausible flag discrepancy to prevent spoofing risks.
---
Conclusion:
This IP is linked to Tor infrastructure and has a moderate abuse risk due to DNSBL listings and a subnet with multiple high-risk neighbors. While no direct malicious activity is observed, its Tor association and network context warrant close monitoring.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.

Ownership & Registration

| Field | Value |
|---|---|
| Organization | Emerald Onion |
| ASN | AS396507 |
| Network Name | - |
| CIDR Block | 23.129.64.0/24 |
| RIR | ARIN |
| Country | - |
| Abuse Contact | Available via RDAP |

DNS Intelligence

| Field | Value |
|---|---|
| PTR Record | No PTR |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |

DNS Hygiene

| Field | Value |
|---|---|
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |

Network Classification

| Field | Value |
|---|---|
| Infrastructure | Unknown |
| Service Purpose | Web Server |
| Network Tier | Tier 3: Basic operator with some routing infrastructure |

Services & Open Ports

| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |

| Field | Value |
|---|---|
| Closed Ports | 22, 25, 3389, 8080, 8443 (2 open / 7 scanned) |
| Server | - |
| HTTP Title | - |

TLS Certificate

| Field | Value |
|---|---|
| SANs | None |
| Valid From | 2025-12-22T00:00:00+00:00 |
| Valid Until | 2026-10-03T23:59:59+00:00 |
| TLS Protocol | Tls13 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 285 days |
| Serial Number | 6D24CA14E2BE8A30 |
| Thumbprint | 4EBC4B3F0378FD2C4B90FE40E743350D40C13947 |

Confidence Breakdown

Per-dimension confidence scores based on source diversity and data freshness

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 58% | 2 | 11 |
| routing | 24% | 2 | 3 |
| services | 34% | 2 | 3 |
| ownership | 41% | 3 | 10 |
| reputation | 20% | 1 | 2 |
| geolocation | 30% | 2 | 3 |
| Overall | 34% | 12 | 32 |

| Field | Value |
|---|---|
| Data Coherence | Mostly Consistent (80%), 1 contradiction(s) |
| Attribution | Low (35%) |

Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid

Observation Timeline (Live)

| Field | Value |
|---|---|
| First Seen | 2026-05-22 13:35:50 UTC |
| Last Seen | 2026-06-26 21:06:52 UTC |
| Profile Built | 2026-06-27 16:00:30 UTC |
| Data Freshness | Live |
| Signal Types | 26 |
| Total Observations | 68 |